Add per-account check position setting (top/middle/bottom/3-per-page)
so checks print in a specific slot on the page. Fix logos never
appearing on checks or in the layout editor — the Logo layout field
was missing from the default seed data and existing accounts.
Add OpenID Connect as an alternative login method. Users can sign in
via an external identity provider (e.g., Authentik, Keycloak, Google).
- OIDC settings configured in admin UI (discovery URL, client ID/secret,
redirect URI, button label, enable/disable toggle)
- PKCE-based authorization code flow with state and nonce validation
- Admin can manually link any user's OIDC identity (sub/issuer fields)
- Self-service linking: logged-in users can link/unlink their own account
- SSO button conditionally shown on login page when OIDC is enabled
- Username in header now clickable to open profile for all users
- Callback errors/success communicated via URL hash fragments
- One-time migration (layout_reset_v1) deletes all layout_fields for every
account and re-seeds with the default layout, ensuring .mdb-imported accounts
get the same clean check style as wizard-created ones.
- Remove the -0.25" slot 0 y-offset that was pushing Company Name and Check
Number above the top of the page on the first check.
- Consolidate layout field seed logic into database.js (seedLayoutFields),
removing the duplicate in app.js.
Accounts created before the layout seeder was deployed had no layout_fields
rows, so PDFs rendered blank (MICR only). The startup migration in database.js
now seeds default layout fields for any account with zero rows, idempotently
via INSERT OR IGNORE. Also adds Company Name3/Company Name4 cases to
resolveFieldValue so company3/company4 render correctly.
Password reset: users with a registered email can request a reset link
from the login screen. A one-hour signed token is emailed via SMTP;
clicking the link opens a set-new-password form. Tokens are hashed
(SHA-256) before storage and invalidated after use.
SMTP settings: admin-only panel in the Users modal lets admins
configure host, port, encryption, credentials, and from address.
Settings persisted in a new key-value settings table. The SMTP
password is never returned to the client.
Users: email field added to the create/edit form and stored in a new
users.email column. Email is used for password reset lookup.
Add Account: admins now have a + button in the header that opens the
existing setup wizard to add additional checking accounts.
Schema: adds password_reset_tokens and settings tables with automatic
runtime migrations for existing databases.
- Fix account settings modal overflow: add max-height to .modal, make
.modal-body flex/scrollable, widen #acct-settings-modal to 620px
- Add role column to user_accounts (editor|viewer) with migration;
existing assignments promoted to editor
- New isEditorForAccount() in auth middleware for per-account write checks
- Replace global requireEditor with per-account checks in checks.js,
deposits.js, pdf.js, deposit-pdf.js, qbo-import.js
- GET /api/accounts now returns user_role per account
- users.js returns {account_id, role} per assignment; POST/PUT accept
accounts as [{id, role}]
- Frontend: state.accountRole tracks effective role for active account;
applyRoleUI and renderRow use it; user management shows role dropdown
per account assignment
- Halve all check line thicknesses (line_thick * 0.5)
- Add second_signature column to account table with runtime migration
- Account settings toggle: enables a second signature line drawn 0.25"
above the primary signature line, matching its width and thickness
- Schema: account_id FK on checks and layout_fields; UNIQUE per-account on check_no and field_name
- DB: runtime migration recreates both tables to add account_id (assigns existing rows to account 1)
- Routes: GET /api/accounts lists all; GET /api/account/:id replaces hardcoded id=1; POST /api/account/setup always creates a new account and returns accountId
- checks.js: all queries scoped by account_id; POST requires account_id in body
- pdf.js: resolves account from check's account_id instead of id=1; layout fields fetched per-account
- import-mdb.js: always INSERTs a new account (never deletes existing); all records tagged with new accountId
- Frontend: account switcher in header; activeAccountId persisted to localStorage; all API calls pass account_id; switching accounts reloads checks; wizard and import auto-switch to newly created account
steve